NewPosThings has new PoS things
Revision as of 19:40, 24 May 2015 by Eric.freyssinet (talk | contribs) (Created page with "{{Publication |Botnet=NewPOSThings, |Year=2015 |Date=2015-04-01 |Editor=TrendLabs Security Intelligence Blog |Link=http://blog.trendmicro.com/trendlabs-security-intelligence/n...")
(Publication) Google search: [1]
| NewPosThings has new PoS things | |
|---|---|
| Botnet | NewPOSThings |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2015 / 2015-04-01 |
| Editor/Conference | TrendLabs Security Intelligence Blog |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/ (Archive copy) |
| Author | Jay Yaneza |
| Type | Blogpost |
Abstract
“ Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher.
The 64-bit version is out
Similar to the previous 32-bit version reported last year, the 64-bit sample is a multifunction Trojan that includes added functionalities and routines. These include RAM scraper capabilities, keylogging routines, dumping virtual network computing (VNC) passwords, and information gathering.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR1583,
editor = {TrendLabs Security Intelligence Blog},
author = {Jay Yaneza},
title = {NewPosThings has new PoS things},
date = {01},
month = Apr,
year = {2015},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/}},
}